mpack

In an interview posted on SecurityFocus, a person identifying himself as "DCT" denied that there is a cybergang responsible for creating the MPack tool, a package of malicious software responsible for the latest wave of PC compromises.

"We are just a group of people working together, but doing some illegal business," he said. He also denied any contact with real-world Russian criminals. He said the "Dream Coders Team" (DCT) consists of three people, plus a few other freelancers. The developers are all Russian, while the others are from various countries. He said $ash, an … Read more

As the automated Mpack attack continues to turn thousands of legitimate Web sites into compromised sites offering drive-by downloads of malicious software, security researcher Roger Thompson over at Exploit Prevention Labs reminds us there are other exploits compromising legitimate sites, and some are as easy to find as entering a simple search string on Google. For more than a week (starting before the current Mpack attack), Thompson has been posting a list of dangerous search strings on his blog site. I've collected these and indicated in parentheses some of the known exploits associated.